CVE-2018-12533
Published: Jun 18, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| RHSA-2018:2664 | vendor-advisory | x_refsource_REDHAT |
| 1041617 | vdb-entry | x_refsource_SECTRACK |
| https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html | | x_refsource_MISC |
| RHSA-2018:2663 | vendor-advisory | x_refsource_REDHAT |
| 104502 | vdb-entry | x_refsource_BID |
| RHSA-2018:2930 | vendor-advisory | x_refsource_REDHAT |
| 20200313 RichFaces exploitation toolkit | mailing-list | x_refsource_FULLDISC |